Aim, Fire: Bulletproofs Is a Crypto Privacy Breakthrough

01/16/2018 - 6 minutes read

There’s a new privacy technology in the crypto Wild West, and if the rate at which it’s winning favor from developers is any sign, it’s one to watch.

Called “bulletproofs,” the new invention by University College London’s Jonathan Bootle and Stanford’s Benedikt Bunz was announced last month, and developers from major blockchains quickly took steps to implement the code. Created initially for use on bitcoin, bulletproofs are already being adapted for monero and mimblewimble, and litecoin’s creator has said its blockchain, one of the 10 largest, may follow suit.

And the reason for the interest is that bulletproofs is believed to offer something of a rarity in the cryptocurrency sector: code that is both simple for blockchains to execute and powerful in the way it boosts privacy.

While part of a public blockchain’s appeal doubtless lies in the transparency it provides (enabling, say, more auditable financial markets), this attribute isn’t always desirable, especially when users want to transact privately or enterprises need some level of confidentiality between partners.

Reflecting on the hype, Bunz told CoinDesk that while some of the cryptography underlying bulletproofs has been in use since the 1970s, new advancements are allowing it to be applied to cryptocurrency systems.

“If there wasn’t a clear application in mind, the time and resources would have been devoted to something else,” Bunz said, continuing:

“It’s a lucky and good marriage of these two timelines working together. The killer application and the technology are meeting each other. The killer application is the money application.”

Behold, bulletproofs

Building on a technique called confidential transactions, bulletproofs’ most notable feature may be how little computational overhead they add.

Instead of obscuring the entirety of a blockchain, bulletproofs conceal only the quantities sent within a transaction – the sender’s and recipient’s addresses are still visible, but the amount being sent is not. And while it’s not total anonymity, the confidentiality added with bulletproofs can be handled by already operational blockchains, said Bunz.
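The confidential-transaction layer described above, as an added illustration that is not code from the bulletproofs paper or from any of the projects named in this article: each amount is hidden inside a Pedersen commitment, the network checks that inputs balance outputs on the commitments alone, and a range proof, which is the role bulletproofs fill, is what stops a hidden amount from wrapping around the group order. The group construction, the hash-derived second generator, the function names and the 16-bit amount range are assumptions of this example; the group is deliberately tiny so the code runs in a moment, and would offer no real security.

```python
"""Pedersen-commitment arithmetic behind confidential transactions (toy group).

Assumed, illustrative code: a safe-prime group near 2**30, a second generator
derived by hashing, and 16-bit amounts. Real deployments use ~252-bit groups
and 64-bit amounts, but the arithmetic is the same.
"""
import hashlib
import secrets


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 3,215,031,751 (bases 2, 3, 5, 7 suffice)."""
    if n < 2:
        return False
    for b in (2, 3, 5, 7):
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group():
    """Toy prime-order group: safe prime p = 2q + 1 near 2**30. Returns (p, q, g, h)."""
    q = 2**30 + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4  # 2**2 is a quadratic residue, hence a generator of the order-q subgroup
    # h is hashed into the group so nobody knows log_g(h); that unknown is what
    # makes commitments binding (a prover who knew it could open C to any value).
    seed = int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big") % p
    h = seed * seed % p
    assert h not in (0, 1, g)
    return p, q, g, h


GROUP = make_group()


def commit(value: int, blinding: int, grp=GROUP) -> int:
    """Pedersen commitment C = g^value * h^blinding (mod p); value is reduced mod q."""
    p, q, g, h = grp
    return pow(g, value % q, p) * pow(h, blinding % q, p) % p


def random_blinding(grp=GROUP) -> int:
    return secrets.randbelow(grp[1] - 1) + 1


def build_tx(input_values, output_values, grp=GROUP):
    """Sender side: commit to every amount. The last output's blinding factor is
    chosen so the blinding factors sum to the same value on both sides."""
    q = grp[1]
    in_r = [random_blinding(grp) for _ in input_values]
    out_r = [random_blinding(grp) for _ in output_values[:-1]]
    out_r.append((sum(in_r) - sum(out_r)) % q)
    inputs = [commit(v, r, grp) for v, r in zip(input_values, in_r)]
    outputs = [commit(v, r, grp) for v, r in zip(output_values, out_r)]
    return inputs, outputs, in_r, out_r


def balances(inputs, outputs, grp=GROUP) -> bool:
    """Verifier side: the product of input commitments equals the product of output
    commitments iff the hidden amounts sum to the same value mod q. The verifier
    never sees the amounts themselves."""
    p = grp[0]
    lhs = rhs = 1
    for c in inputs:
        lhs = lhs * c % p
    for c in outputs:
        rhs = rhs * c % p
    return lhs == rhs


def in_range(value: int, bits: int = 16) -> bool:
    """What a range proof attests to in zero knowledge: 0 <= value < 2**bits.
    Checked in the clear here only to show why the proof is needed: an output
    committing to q - 1 (i.e. -1 mod q) balances perfectly yet mints coins."""
    return 0 <= value < (1 << bits)
```

Run with `build_tx([10], [7, 3])` and the commitments balance; run with `build_tx([10], [11, GROUP[1] - 1])` and they balance just as well, because 11 + (q - 1) is 10 modulo q. Only a range proof on each output, proven without revealing the amount, closes that hole, which is exactly the component bulletproofs make small and fast.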

“I wouldn’t want my salary to be made public, and if you run a business you don’t want to say publicly how much you’re paying your supplier,” Bunz said, adding:

“I don’t think you have to be an idealist to see that confidentiality for money is basically a requirement.”

There could be other derivative benefits as well.

For example, according to reports from the monero development team, the use of bulletproofs could reduce transaction fees (another hot topic as blockchain fees continue to rise) for private transactions by up to 80 percent.

On top of this, the more bulletproof transactions you verify at once, the cheaper the process gets, Bunz told an audience at a lecture at UCL, pointing out that this could mean it works even better when combined with existing privacy tech like “CoinJoin” – a popular piece of code that today fuses transactions together.

But it’s not just the lightweight confidentiality that makes bulletproofs so attractive. It’s also that the tech doesn’t require trust in others, as zcash’s zk-SNARKs do (the reason for zcash’s elaborate parameter-generation ceremonies). And while that trusted setup is becoming more secure, the process is still much criticized.

For bulletproofs, the real cause for celebration is perhaps that developers don’t seem to have found any issues with it. Speaking to CoinDesk, Sarang Noether, an anonymous researcher at the Monero Research Lab, described bulletproofs as a “net win on all fronts” for cryptocurrency.

Echoing that sentiment, Bunz told CoinDesk:

“It’s just better. It’s shorter, more efficient, three times faster – it’s better than the old system in every way.”

Testing continues

That said, bulletproofs technology is still young, and while other blockchain developers are interested in adding it to their tech stacks, it won’t see implementation on bitcoin anytime soon.

On Reddit, bulletproofs white paper co-author and bitcoin developer Pieter Wuille said it’s still “far too premature” to propose the tech’s inclusion in bitcoin.

Adding to that, another co-author of the white paper, Andrew Poelstra, wrote on a mailing list that the tech is still not ready for a “serious proposal to get anywhere.”

And speaking to CoinDesk, mimblewimble’s lead developer, Ignotus Peverell, agreed with the hesitation, saying that the tech should be deployed and tested in the wild on smaller platforms like monero or mimblewimble before high-profile blockchains like bitcoin add the feature.

Still, according to Peverell:

“We’re a lot closer to that goal [of private transactions] now, than we were before bulletproofs.”

Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company.